By now the variety of ways governments, corporations, and other
individuals can violate one's privacy are well known, so you might well ask why another "this is how you are vulnerable" book
is needed. In the case of Simson Garfinkel's Database Nation, the answers are clear: the author's technical abilities
and understanding of the role technology plays in society, the book's new look at medical privacy is of a type I had not seen
before in the popular literature, and the depth of Garfinkel's inquiry into each type of privacy intrusion.

That said,
Garfinkel's book does cover a lot of familiar ground. For example, he describes how supermarket affinity cards, warranty
cards, and cell phone networks can be used to track individuals' preferences and, in the case of cell phones, their physical
movement. He also goes into significant detail about advanced identification technologies, including retina scans and DNA
analysis, that can be used to identify and track individuals, but those technologies serve as a lead-in to the issue Garfinkel
seems to regard as the most serious: medical privacy.

Chapter 6 goes into more depth than any other published account I
had seen of how medical information is distributed within the medical community. At the center of those transactions is the
ominously-named "MIB", or Medical Information Bureau (not "Men In Black", though the unspoken parallel is amusing). The MIB
collects medical information entered on insurance forms and into personal records and sells that information to companies that
need to set insurance premiums for applicants. What gives the MIB the right to collect that information? Patients give them
that permission when they consent to receive treatment - page 136 contains the disclaimer on the bottom of an insurance form
that gives medical practitioners the right to share the information derived from any examination or procedure with the Medical
Information Bureau.

At the end of Database Nation, Garfinkel offers a legislative solution for strengthening
privacy protections in the United States. In particular, he calls for the government to establish an executive agency charged
with enforcing existing privacy laws and acting as an ombudsman for individual privacy. The problem with such an agency is
that it would not have the legislation behind it to protect privacy adequately. As Garfinkel himself argues, the existing
protections against private sector use of personally identifiable information are toothless; at best, they allow individuals
to "opt out" of mailing and telephone solicitation lists. The new medical privacy standards the White House offered in early
2000 (after the book went to press) go part of the way to solving some of the problems mentioned Garfinkel describes, but in
all his solution is far too feeble to result in meaningful privacy reform.

Database Nation continues the
growing tradition of O'Reilly books that cast technology in its social context. That movement started with a pair of market
research reports (one on the size of the online population, the other an investigation of the secure web server market) and
continued with Stephen Talbott's The Future Does Not Compute (a cautionary book that critiques the role of computers in
society in general and education in particular); Cracking DES (a complete technical specification for the brute force
encryption key locater built for $200,000 by the Electronic Frontier Foundation); and Open Sources, a collection of
essays from leaders in the open source software movement. It's heartening to see such an influential technical publisher
offering books that examine technology's role in society.